From 9412881d6d454dee74c8538d17b7239992e0a28c Mon Sep 17 00:00:00 2001
From: Mitchell Grice
Date: Thu, 16 May 2024 14:31:05 +1000
Subject: [PATCH] fix(ec2): Add v7 VPC flow log record fields

---
 .../test/integ.vpc-flow-logs-customformat.ts | 10 ++++
 .../aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts | 56 +++++++++++++++++++
 .../aws-ec2/test/vpc-flow-logs.test.ts | 10 ++++
 3 files changed, 76 insertions(+)

diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.ts
index 0e856160bffeb..162588e3b4308 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.ts
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.ts
@@ -51,6 +51,16 @@ class TestStack extends Stack {
 LogFormat.PKT_DST_AWS_SERVICE,
 LogFormat.FLOW_DIRECTION,
 LogFormat.TRAFFIC_PATH,
+ LogFormat.ECS_CLUSTER_ARN,
+ LogFormat.ECS_CLUSTER_NAME,
+ LogFormat.ECS_CONTAINER_INSTANCE_ARN,
+ LogFormat.ECS_CONTAINER_INSTANCE_ID,
+ LogFormat.ECS_CONTAINER_ID,
+ LogFormat.ECS_SECOND_CONTAINER_ID,
+ LogFormat.ECS_SERVICE_NAME,
+ LogFormat.ECS_TASK_DEFINITION_ARN,
+ LogFormat.ECS_TASK_ARN,
+ LogFormat.ECS_TASK_ID,
 ],
 });

diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts
index 94a7e5f370fda..32d40c5dc2c15 100644
--- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts
+++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts
@@ -470,6 +470,7 @@ export enum FlowLogMaxAggregationInterval {
 /**
 * The following table describes all of the available fields for a flow log record.
+ * See https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records
 */
 export class LogFormat {
 /**
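Review bot: The integ test gains ten new LogFormat entries in this hunk, but the diffstat lists no change under the test's snapshot directory, so the recorded template presumably still carries the previous custom format string. CDK integ tests are gated on their snapshot, so the integ-runner should be re-run for integ.vpc-flow-logs-customformat and the refreshed snapshot committed alongside this change; otherwise the integ check will report the stack as changed. The enclosing TestStack constructor begins and ends outside the hunk, so the `LogFormat` consumer cannot be checked from here.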
@@ -646,6 +647,61 @@ export class LogFormat {
 */
 public static readonly TRAFFIC_PATH = LogFormat.field('traffic-path');
+ /**
+ * AWS Resource Name (ARN) of the ECS cluster if the traffic is from a running ECS task.
+ */
+ public static readonly ECS_CLUSTER_ARN = LogFormat.field('ecs-cluster-arn');
+
+ /**
+ * Name of the ECS cluster if the traffic is from a running ECS task.
+ */
+ public static readonly ECS_CLUSTER_NAME = LogFormat.field('ecs-cluster-name');
+
+ /**
+ * ARN of the ECS container instance if the traffic is from a running ECS task on an EC2 instance.
+ * If the capacity provider is AWS Fargate, this field will be '-'.
+ */
+ public static readonly ECS_CONTAINER_INSTANCE_ARN = LogFormat.field('ecs-container-instance-arn');
+
+ /**
+ * ID of the ECS container instance if the traffic is from a running ECS task on an EC2 instance.
+ * If the capacity provider is AWS Fargate, this field will be '-'.
+ */
+ public static readonly ECS_CONTAINER_INSTANCE_ID = LogFormat.field('ecs-container-instance-id');
+
+ /**
+ * Docker runtime ID of the container if the traffic is from a running ECS task.
+ * If there are one or more containers in the ECS task, this will be the docker runtime ID of the first container.
+ */
+ public static readonly ECS_CONTAINER_ID = LogFormat.field('ecs-container-id');
+
+ /**
+ * Docker runtime ID of the container if the traffic is from a running ECS task.
+ * If there are more than one containers in the ECS task, this will be the Docker runtime ID of the second container.
+ */
+ public static readonly ECS_SECOND_CONTAINER_ID = LogFormat.field('ecs-second-container-id');
+
+ /**
+ * Name of the ECS service if the traffic is from a running ECS task and the ECS task is started by an ECS service.
+ * If the ECS task is not started by an ECS service, this field will be '-'.
+ */
+ public static readonly ECS_SERVICE_NAME = LogFormat.field('ecs-service-name');
+
+ /**
+ * ARN of the ECS task definition if the traffic is from a running ECS task.
+ */
+ public static readonly ECS_TASK_DEFINITION_ARN = LogFormat.field('ecs-task-definition-arn');
+
+ /**
+ * ARN of the ECS task if the traffic is from a running ECS task.
+ */
+ public static readonly ECS_TASK_ARN = LogFormat.field('ecs-task-arn');
+
+ /**
+ * ID of the ECS task if the traffic is from a running ECS task.
+ */
+ public static readonly ECS_TASK_ID = LogFormat.field('ecs-task-id');
+
 /**
 * The default format.
 */
diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts
index 42ed33b58c8bf..34a79f708b4c2 100644
--- a/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts
+++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts
@@ -712,6 +712,16 @@ test('log format for built-in types is correct', () => {
 LogFormat.PKT_DST_AWS_SERVICE,
 LogFormat.FLOW_DIRECTION,
 LogFormat.TRAFFIC_PATH,
+ LogFormat.ECS_CLUSTER_ARN,
+ LogFormat.ECS_CLUSTER_NAME,
+ LogFormat.ECS_CONTAINER_INSTANCE_ARN,
+ LogFormat.ECS_CONTAINER_INSTANCE_ID,
+ LogFormat.ECS_CONTAINER_ID,
+ LogFormat.ECS_SECOND_CONTAINER_ID,
+ LogFormat.ECS_SERVICE_NAME,
+ LogFormat.ECS_TASK_DEFINITION_ARN,
+ LogFormat.ECS_TASK_ARN,
+ LogFormat.ECS_TASK_ID,
 ],
 });
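Review bot: The doc comments on the ten new ECS fields are inconsistent with each other in this hunk: ECS_CLUSTER_ARN expands the acronym as `AWS Resource Name (ARN)` where the standard expansion is Amazon Resource Name, ECS_CONTAINER_ID writes `docker runtime ID` while ECS_SECOND_CONTAINER_ID writes `Docker runtime ID`, and `If there are more than one containers in the ECS task` should read `If there is more than one container in the ECS task`. Only ECS_CONTAINER_INSTANCE_ARN, ECS_CONTAINER_INSTANCE_ID and ECS_SERVICE_NAME say what the field holds when their condition does not apply; the other seven leave a reader of the generated API docs unable to tell whether a non-ECS flow yields `-` or an empty token, so each field should end with a uniform sentence such as `* If the traffic is not from a running ECS task, this field will be '-'.`, with the exact placeholder confirmed against the AWS flow-log record documentation linked from the class comment. The commit title calls these the v7 fields, but nothing in the field docs records that a custom format using them requires that record version; a short clause in the class-level comment, or on each field, would save users a trip to the AWS page. The enclosing LogFormat class begins and ends outside this hunk.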
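Review bot: The assertion of 'log format for built-in types is correct' lies outside this hunk, and the diffstat shows only these ten insertions in the test file, so the expected value presumably is not a literal that had to grow by ten tokens. If the expected side is derived from the same LogFormat constants, the test only proves the fields round-trip and would not catch a misspelt field name such as `ecs-cluster-arn` in the `LogFormat.field(...)` call; consider adding a literal assertion that the rendered custom format contains the new token names as the AWS record format spells them, for at least one new field. The enclosing test callback starts and ends outside the hunk.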